[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] security problem with bind version less than 8.2.3x on RAQ 1

Subject: [cobalt-security] security problem with bind version less than 8.2.3x on RAQ 1
From: Manfred Bayer <mb@xxxxxxxxxxxxxx>
Date: Wed, 14 Feb 2001 01:36:30 +0100
Organization: Standard Software
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Hallo !

Our ISP (dialtoneinternet.net) has informed has that there
is a security problem with bind version less than 8.2.3x,
we have found a patch from cobalt for the RAQ 3 and RAQ 4
but the is no patch for RAQ 1 what should we do ?

Our System reports as follows:

[root@server admin]# rpm -qa |grep -i bind
bind-utils-8.2.2_P5-C2
bind-8.2.2_P5-C2
[root@server admin]

Please find attach the message from our ISP

Manfred

> Wednesday, February 13th, 2001
> Dialtone Internet
> Fort Lauderdale, Florida
> http://www.dialtoneinternet.com/
> VERY IMPORTANT: BIND Reminder #3...
> ~~~~~~~~~~~~~~~~~
>
> Dear Customer,
>
> I would like to remind you of the seriousness regarding the recent
BIND
> exploit released to the world.
>
> If you have a version of BIND less than 8.2.3x your server IS
vulnerable;
> Remember, it's not a matter of IF your server will be attacked, but
WHEN.
>
> Given the widespread deployment of the exploit code, it's only a
matter of
> time before the "bad guys" compile a program that will make hacking
your
> server as easy as "add the remote IP address and click RUN."
>
> The repercussions when your server has been hacked is loss of your
> DNS, connectivity, money, data, and possibly loss of your
> business if you do not have backups!
>
> 1. If hacked, your server MUST be rebuilt to fully secure it.
> 2. You will be charged for our time spent rebuilding your server.
> 3. The hacker can easily wipe your disk after gaining root, many do in

>    attempts to "cover" their tracks.
> 4. If your server is hacked, and then used in attacks on our network,
your
>    contract MAY be canceled according to our AUP.
>
> Please update your BIND packages immediately!  You will find the
packages
> here...
>
> REGULAR Linux
> http://status.dialtoneinternet.net/status/81.html
>
> Cobalt RaQ3
> http://www.cobalt.com/support/download/raq3.eng.html
>
> Cobalt RaQ4
> http://www.cobalt.com/support/download/raq4.eng.html


--
Mit freundlichen Grüßen


Manfred Bayer, Geschäftsführer
Standard Software  VertriebsgesmbH
www.gotoweb.at    www.bueroware.at
Tel: +43 1 294 0200-0   Fax: DW 33
Mit GOTOWEB schnell ins E-Business

Follow-Ups:
- Re: [cobalt-security] security problem with bind version less than 8.2.3x on RAQ 1
  - From: Gerald Waugh

Prev by Date: Re: [cobalt-security] Possible list error
Next by Date: [cobalt-security] [RaQ3i] error log message
Previous by thread: Re: [cobalt-security] Possible list error
Next by thread: Re: [cobalt-security] security problem with bind version less than 8.2.3x on RAQ 1

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index